path: root/source3/nsswitch/winbindd_cache.c
Age | Commit message | Author | Files | Lines
2007-10-10 | r23931: Use the new tdb_validate_and_backup function instead of pure | Michael Adam | 1 | -2/+2
tdb_validate in winbindd cache validation. Michael (This used to be commit 2c2a1ff2c27861ca87afbd8bab39d257a69e9565)
2007-10-10 | r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text | Andrew Tridgell | 1 | -2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10 | r23779: Change from v2 or later to v3 or later. | Jeremy Allison | 1 | -1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10 | r23769: Move removal of the tdb from the generic tdb_validate function | Michael Adam | 1 | -0/+6
to the caller (winbindd_validate_cache in this case). Next, there will be a backup handling for the tdb files. Michael (This used to be commit 821bc84109625c9d85edee38fa26d16f9f0a0fe2)
2007-10-10 | r23610: Move some winbindd_cache specific flags and actions | Michael Adam | 1 | -1/+19
back to winbindd_cache.c. The generic mechanism should open the cache tdb readonly and with default flags. Michael (This used to be commit 062d8c61294a1e9f8588fa8af31954dd286c7bde)
2007-10-10 | r23600: First step in abstracting the winbindd cache validation | Michael Adam | 1 | -219/+25
code into a generic tdb validation code. In lib/util_tdb.c for a start. Michael (This used to be commit 527edfa0cbcb233218ebabc395666d1d7228ee37)
2007-10-10 | r23368: Make "winbind:rpc only" a full blown parameter. Thanks to Karolin for | Volker Lendecke | 1 | -1/+1
the patch :-) (This used to be commit 07b71a02aef15b75d281cabeb7140db1bc0bb283)
2007-10-10 | r23355: Fix some more build warnings. | Günther Deschner | 1 | -1/+1
Guenther (This used to be commit 23e25bba8fafb31492b517d63f0a00c5ec07d5da)
2007-10-10 | r23345: Stop Coverity from getting confused. | Jeremy Allison | 1 | -0/+1
Jeremy. (This used to be commit 8e83e4267260201777c753c4e3849d65fd20ae8f)
2007-10-10 | r23312: As per Volker, rename the "winbind:ads" parameter "winbind:rpc only". | James Peach | 1 | -4/+3
(This used to be commit cbd083efb9a00db68be24cde10b96da06390d970)
2007-10-10 | r23297: This introduces the winbind:ads parameter which defaults to True. | Volker Lendecke | 1 | -1/+3
Setting it to False makes winbind use RPC and not LDAP methods to connect to the DCs, even when it figured out they are AD. (This used to be commit 1c1f710e3e2e222c9d91a5650844c1db5ebd5a3a)
2007-10-10 | r23244: Fix loop with nscd and NSS recursive calls. | Gerald Carter | 1 | -1/+3
> Here's the problem I hit:
>
> getgrnam("foo") -> nscd -> NSS -> winbindd ->
> winbindd_passdb.c:nam_to_sid() -> lookup_global_sam_name() ->
> getgrnam("foo") -> nscd -> ....
>
> This is in the SAMBA_3_0 specifically but in theory could happen
> SAMBA_3_0_25 (or 26) for an unknown group.
>
> The attached patch passes down enough state for the
> name_to_sid() call to be able to determine the originating
> winbindd cmd that came into the parent. So we can avoid
> making more NSS calls if the original call came in through NSS
> so we don't deadlock ? But you should still service
> lookupname() calls which are needed for example when
> doing the token access checks for a "valid groups" from
> smb.conf.
>
> I've got this in testing now. The problem has shown up with the
> DsProvider on OS X and with nscd on Solaris and Linux.
(This used to be commit bcc8a3290aaa0d2620e9d391ffbbf65541f6d742)
2007-10-10 | r23039: merge from SAMBA_3_0_26: | Stefan Metzmacher | 1 | -2/+1
use a helper function to construct the TDB_DATA key as strlen_m() is totally wrong here anyway metze (This used to be commit fb77cc7fbc0100c66365109ae6c3cc4824079a2e)
2007-10-10 | r22855: fix the build | Michael Adam | 1 | -7/+5
(#if inside DEBUG macro not allowed...) Michael (This used to be commit f0570dc3d9e07475764e466901d4abfe939590f8)
2007-10-10 | r22848: Fix brace alignment. | Michael Adam | 1 | -1/+1
(This used to be commit d909a6064159bc746bd558238e81d57cc274a162)
2007-10-10 | r22847: The new validate_panic function calls exit (instead of setting | Michael Adam | 1 | -19/+0
a global error flag and returning), so cleanups and returns subsequent to calls of smb_panic_fn have become unnecessary. (This used to be commit 9d2db8c70f10a9285abd4a61fa66ee8aff2e7e6b)
2007-10-10 | r22845: Modified and extended the winbindd cache validation code: | Michael Adam | 1 | -137/+283
* Replaced signal catching/longjmp magic by a fork: Let the child do the actual validation of the entries. Exit code and signals are intercepted by waitpid.
* Fix logic so that also encounter of an unknown key in the tdb leads to an error.
* Extended status of validation is kept in a (as yet simple) struct and communicated over a pipe from child to parent.
* Added two validation_ functions for two new keys.
The call of winbindd_validate_cache is still commented out in the winbindd main loop. But I am currently testing it and so far it seems to work fine. The next step in my plan is to generalize the validation mechanism to a tdb_open_log_validate function in lib/util_tdb.c. There is nothing very special about the cache tdb here, and this might be useful elsewhere... Michael (This used to be commit 417325b9e6f9ac0afe1f2f3b552527788f6a7cee)
2007-10-10 | r22747: Fix some C++ warnings | Volker Lendecke | 1 | -2/+2
(This used to be commit a66a04e9f11f6c4462f2b56b447bae4eca7b177c)
2007-10-10 | r22726: When performing an offline logon for a user in a trusted domain, | Gerald Carter | 1 | -0/+8
take care not to expire the name2sid cache entry just because that child does not know that the primary domain is offline. (This used to be commit 0399f52a1cdbb1acf8d41afddf498529ff4923cf)
2007-10-10 | r22725: * Don't try to update the sequence_number when offline | Gerald Carter | 1 | -3/+11
* Log the NTSTATUS when saving name/sid cache entry
* Allow the backend lookup_usergroups() call in winbindd_{rpc,ads}.c to inform the wcache manager that the group list should not be cached (needed for one-way trusts).
(This used to be commit 693ab48408dbb775b57dcc5140e27ad9221852a1)
2007-10-10 | r22710: Support one-way trusts. | Gerald Carter | 1 | -3/+11
* Rely on the fact that name2sid will work for any name in a trusted domain will work against our primary domain (even in the absence of an incoming trust path)
* Only logons will reliably work and the idmap backend is responsible for being able to manage id's without contacting the trusted domain
* "getent passwd" and "getent group" for trusted users and groups will work but we cannot get the group membership of a user in any fashion without the user first logging on (via NTLM or krb5) and the netsamlogon_cache being updated.
(This used to be commit dee2bce2af6aab8308dcef4109cc5248cfba5ef5)
2007-10-10 | r22708: disable saving the trusted domain list as we want the parent | Gerald Carter | 1 | -0/+6
daemon to manage the complete trusted domain cache (This used to be commit 3a9152a2acfc7b615a5c6b8764ea9462443f00d1)
2007-10-10 | r22700: Add a simple wcache TRUSTDOM api for maintaining a complete | Gerald Carter | 1 | -1/+463
list of trusted domains without requiring each winbindd process to acquire this on its own. This is needed for various idmap plugins and for dealing with different trust topologies. list_trusted_domain() patches coming next. (This used to be commit 2da62a3d965a9701e16e644fd6bc728b43f28489)
2007-10-10 | r22643: Don't clear cached U/SID and UG/SID entries when we want to logon | Günther Deschner | 1 | -1/+8
offline. Guenther (This used to be commit 37f9f466fd05bb06d8539bdb2cb72a730c2af4f4)
2007-10-10 | r22636: Fix logic bug. | Günther Deschner | 1 | -6/+6
We certainly don't want to crash winbind on each successful centry_uint{8,16,32,64} read. Jeremy, please check :-) Guenther (This used to be commit bfcd10766bcac1d50f7624bbe5a72eca57b5e278)
2007-10-10 | r22589: Make TALLOC_ARRAY consistent across all uses. | Jeremy Allison | 1 | -12/+22
Jeremy. (This used to be commit 8968808c3b5b0208cbad9ac92eaf948f2c546dd9)
2007-10-10 | r22466: Fix build warning. | Günther Deschner | 1 | -1/+1
Guenther (This used to be commit d6f259e91862df043f14430a60e9d646e30fe632)
2007-10-10 | r22211: Don't return a value from void functions ! | Jeremy Allison | 1 | -1/+1
Jeremy. (This used to be commit 1dd8d3a723ac2262a45fcd717daef79bffbf30d5)
2007-10-10 | r22210: Fix typo in testing for non-centry entries. | Jeremy Allison | 1 | -1/+1
Jeremy. (This used to be commit b89ecbcac651034d818a41d8a1d0c5e7313f37b8)
2007-10-10 | r22209: Fix the storage of time_t -> make it 64 bits (use the | Jeremy Allison | 1 | -14/+112
same load/store function as NTTIME). Add a version number string to the winbindd cache so we can tell if it needs upgrading. THIS WILL DELETE ANY EXISTING winbindd_cache.tdb on first startup regardless of offline auth status. Once this is done we're in good shape though. Jeremy. (This used to be commit c52c7f91af80d5fbb2574b5acf10e6afef3b0c7e)
2007-10-10 | r22207: Fill in the validation functions. Now to test... | Jeremy Allison | 1 | -28/+73
Jeremy. (This used to be commit fc2b9e860ef9512eb074622e0ad134ff3f30bfe7)
2007-10-10 | r22206: Added boilerplate to be filled in for other validation functions. | Jeremy Allison | 1 | -0/+163
Jeremy. (This used to be commit 9be463eb0cb4d65c40e35c504059289696419486)
2007-10-10 | r22205: Add some flesh to the bones of the cache validation code. | Jeremy Allison | 1 | -59/+209
Jeremy (This used to be commit b773ea2c8a107344fc524b41a2c81ecc723bd9ec)
2007-10-10 | r22202: Volker is clever :-). Use TDB_NOMMAP to prevent any wild pointer | Jeremy Allison | 1 | -1/+4
problems when validating the winbindd cache. Wish I'd have thought of that. Jeremy. (This used to be commit 6b0a8cbbb883b7041ed4b1f6c1ae90233921d154)
2007-10-10 | r22009: change TDB_DATA from char * to unsigned char * | Stefan Metzmacher | 1 | -12/+12
and fix all compiler warnings in the users metze (This used to be commit 3a28443079c141a6ce8182c65b56ca210e34f37f)
2007-10-10 | r22001: change prototype of dump_data(), so that it takes unsigned char * now, | Stefan Metzmacher | 1 | -6/+6
which matches what samba4 has. also fix all the callers to prevent compiler warnings metze (This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
2007-10-10 | r21985: make use of string_tdb_data() | Stefan Metzmacher | 1 | -8/+5
to avoid creating the TDB_DATA struct from strings "by hand" metze (This used to be commit a8bc20d67f481a790524cad24e253436227af721)
2007-10-10 | r21146: Fix debug typos. | Günther Deschner | 1 | -1/+1
Guenther (This used to be commit cdef1d00b89abd632281d428f1e1a6b322559af4)
2007-10-10 | r20986: Commit the prototype of the nss_info plugin interface. | Gerald Carter | 1 | -1/+3
This allows a provider to supply the homedirectory, etc... attributes for a user without requiring support in core winbindd code. The idmap_ad.c module has been modified to provide the idmap 'ad' library as well as the rfc2307 and sfu "winbind nss info" support. The SID/id mapping is working in idmap_ad but the nss_info still has a few quirks that I'm in the process of resolving. (This used to be commit aaec0115e2c96935499052d9a637a20c6445986e)
2007-10-10 | r20124: clean up nested extern declaration warnings | Herb Lewis | 1 | -7/+6
(This used to be commit ac3eb7813e33b9a2e78c9158433f7ed62c3b62bb)
2007-10-10 | r20057: Attempt to fix connect timeouts when connected on | Jeremy Allison | 1 | -2/+3
a network but not one on which any home DC's can be found (hotel network problem). Still testing but this is getting close. Jeremy. (This used to be commit 369c9e4138b93f7cfb6680f0beb541f58554e856)
2007-10-10 | r19975: Deal with 2 keytypes I messed previously (DR/DE). | Jeremy Allison | 1 | -2/+25
Fix code that mistakenly assumed tdb_traverse returned 0 or -1, it actually returns -1 or the number of entries traversed. Add a static as another way to return the bad cache value. Jeremy. (This used to be commit 5266a70ae9971eb54fa769f89bec7c688285e811)
2007-10-10 | r19974: Add freelist check for cache. Fix testing of entry | Jeremy Allison | 1 | -19/+19
names (all except SEQNUM are *not* null terminated strings). Jeremy. (This used to be commit bcb68260ba4e6a1ae6b681603367008309b9bfde)
2007-10-10 | r19958: Add check for WINBIND_OFFLINE key. | Jeremy Allison | 1 | -0/+6
Jeremy. (This used to be commit 270e84db6de66b4f20dc0a564f706dae4c00b0b2)
2007-10-10 | r19957: Initial framework to make winbindd robust | Jeremy Allison | 1 | -0/+230
against tdb corruption. Needs fleshing out (and I forgot one record type) and needs helpful suggestion from Volker to validate freelist, but should give an idea of how this will look. Jeremy. (This used to be commit 8eb53f74e414483afde7b1e38ea2a3f56ae3ec66)
2007-10-10 | r19399: Now Guenther discovered one crash dereferencing domain->backends, | Jeremy Allison | 1 | -1/+1
get paranoid. I don't think this can really happen, but let's be sure. Jeremy. (This used to be commit be4709984b8548abf10a5e9fabba21d53440c42a)
2007-10-10 | r19391: Fix crash bug within the winbind caching method. | Günther Deschner | 1 | -0/+5
That one was hard to find: when coming from offline mode and switching to online, a refresh sequence number call (using the default MS-RPC mechanism) may reset domain->backend to NULL (by the set_domain_online event). We need to make sure to reidentify the remote domain in that case. Guenther (This used to be commit 4d6503d1377a262ba8b87f344be7daf04e011ef2)
2007-10-10 | r19371: Add two missing refresh_sequence_number calls where they are missing | Günther Deschner | 1 | -0/+3
just before writing to the winbind cache tdb. Guenther (This used to be commit bd8548998b06a84c2e66acbcb68542a4b5d8b8df)
2007-10-10 | r19206: Jeremy, for some reason storing a value-less entry in TDB does not work | Günther Deschner | 1 | -9/+3
anymore in 3_0. I'm just adding a time(NULL) as value for the WINBINDD_OFFLINE key. Guenther (This used to be commit 2bdf9f140f76d6eb73b34148c47f7d3447e2e563)
2007-10-10 | r19148: Finish last night's patch - make offline | Jeremy Allison | 1 | -1/+1
work again. Still under test. Jeremy. (This used to be commit 40a455db78f805daa6bfeb9e78fb78dcc12fd9a7)